2016 should be the year we stop categorising the difference between insider threats and external attacks. The biggest challenge for the year ahead will be joining up traditional perimeter defences with better protection against attacks from the inside.
2016: Time to review internal security
Gartner has predicted that 95% of cloud security failures will be the customer’s fault and, more specifically, attributable to poor internal security practices. Being able to fully trace and manage the internal movement of data isn’t just going to be important if you have a cloud provider.
It makes security sense too. If you look at the most high-profile hacks of recent years, weak internal defences are the common denominator. After the initial breach, when there are few internal barriers, lateral movement, and therefore damage, is easy. Strengthening internal access provision isn’t just a deterrent to external attackers; it reduces the likelihood of data breaches by insiders, which actually account for the majority of data breaches. In 2016 we will have another reason too: complying with the EU’s GDPR will require a review of how data is stored, processed and moved.
Cyber risk mitigation: Steps to take before investing in a cyber insurance policy
If your firm is considering a cyber insurance policy, you are not alone. Cyber is now considered the biggest threat to UK businesses, and the meteoric rise of the cyber insurance market is proof of that demand. Paying an insurance company to share some business risk makes good commercial sense. But be warned: putting a cyber-premium in place does not guarantee a payout should a breach occur unless all required security measures are enforced. According to a study we conducted, around half of IT pros weren’t able to tell whether necessary security software updates were being applied successfully, or whether ex-employees or contractors still had access to their systems. It is better to focus instead on getting some of these basic security measures in place, and on ensuring the IT department is involved in any decision making regarding a cyber policy from the start.
Data loss to become a people issue, not just a tech problem
CISOs under pressure to provide impermeable defences against external threats may be relieved to hear that current thinking suggests enterprise security should be managed holistically, i.e., by the IT department working in conjunction with other business areas, like HR. Organisations may be missing ‘predictable behaviour cues’ that would presage a hack. In the holistic model, the IT department provides the IT security tools and the HR department provides the appropriate processes and procedures that need to be followed, as well as creating the more ‘vigilant’ culture this necessarily requires.
With the Christmas bonus season nearly upon us, what’s the chance that a disappointed worker will start to display behaviour that warrants closer scrutiny?
TalkTalk Lessons: IT security needs to come out of the shadows
I sincerely hope there will be many lessons learned from the TalkTalk hack. Perhaps the most important is to have strong, IT-literate leadership. If cybercrime is the number one threat to UK business, why are there so few technology experts at board-level? TalkTalk should be the battering ram security professionals use to open up the C-suite over the next 12 months.